Bringing cybersecurity globally to critical and complex key activities
The cyber training and experiment offer by Thales, is a comprehensive cybersecurity service designed for immersive practical training and realistic cyber scenarios replication. With a focus on client engagement and a dedication to user communities, Thales brings to customers a wealth of experience, including specialized use cases, to the table.
At Thales, our commitment to excellence in cybersecurity is reflected in our robust training infrastructure.
Thales is dedicated to covering all critical areas of cybersecurity, ranging from aerospace to defense, including industries, space, operational technology, naval, and automotive sectors. We understand the crucial importance of training cybersecurity professionals in diverse contexts to ensure resilience against current and emerging threats.
Cyber Labs & Academies and 7 fully held by Thales
15 Cyber Range partners
Multiple training experts
5 levels of expertise
Practical & theorical contents
Covering critical domains: Banking, Aeronautics, OT, Industry, Energy, Space, Defence, Naval, Governments, Automotive…
500 trainings per year
The cyber training and experiment offer by Thales, is a comprehensive cybersecurity service designed for immersive practical training and realistic cyber scenarios replication. With a focus on client engagement and a dedication to user communities, Thales brings to customers a wealth of experience, including specialized use cases, to the table.
At Thales, our commitment to excellence in cybersecurity is reflected in our robust training infrastructure.
We understand the crucial importance of training cybersecurity professionals in diverse contexts to ensure resilience against current and emerging threats.
Our experts have developed a comprehensive range of immersive, hands-on training courses to help your staff understand and respond to cyber threats in a realistic environment.
At Thales, we have the capability to offer you various types of courses to cater to your specific needs.
Our Crash Courses offer a quick and thorough dive into crucial areas of cybersecurity.
Whether you prefer direct interaction, practical immersion, or stimulating challenges, our training offerings are designed to provide you with a comprehensive learning experience.
Regardless of your preference in terms of course typology, at Thales, we are committed to providing a rewarding learning experience tailored to your individual needs.
We mainly offer theoretical courses, with an informative and interactive approach between our experts and students. They can be given at your premises, at a distance or in our cyber-labs or academies.
For those who prefer to practise, our training sessions combine theory and exercises. This method guarantees a deep understanding of the concepts taught, reinforced by practical application.
If you are looking for total immersion, our scenario-based courses allow you to take on specific challenges and develop your skills in a real context of use cases and practice.
Competition enthusiasts will enjoy our Capture the Flag or large-scale cybersecurity exercises, challenges that will test your knowledge and skills in a fun and stimulating way.
We take pride in offering you a diverse range of courses tailored to all levels of expertise. Whether you’re a beginner, a professional, or an expert, we have something to offer you.
Our courses are meticulously designed to meet the needs of each individual, with progressive levels ranging from Novice to Expert.
Join us in this educational adventure, where knowledge and skill intertwine to propel you to new heights. Regardless of where you are on the expertise scale, there is always something new to discover and master.
Explore the diverse range of training programs, covering essential skills in Hacking & Forensics, crucial aspects of Data Privacy, Security Management, and Application Security.
AGENDA
The course is organized into instructional units, each presenting a variable number of situations:
• Unit 0. Introduction.
• Unit 1. Office access.
• Unit 2. At the workplace.
• Unit 3. A break at work.
• Unit 4. Return to work.
• Unit 5. Work visit.
• Unit 6. Telecommuting.
• Final questionnaire.
GENERAL INFORMATION
Introduction-level course
Mode: Online Training.
Duration: Available for 1 week.
INFORMATION SECURITY FOR MANAGEMENT AND LEADERSHIP
AGENDA
• Introduction.
• Most frequent threats.
• Security measures and a summary of good practices.
• Conclusions.
GENERAL INFORMATION
Introcution-level course
Mode: On-site training.
Duration: 2 hours
CYBERSECURITY INDUCTION PROGRAMME
AGENDA
• Unit 0. Introduction
• Unit 1. Logical security: passwords
• Unit 2. Clean tables
• Unit 3. Session locking
• Unit 4. Malware prevention
• Unit 5. SPAM
• Unit 6. Phishing
• Unit 7. Security in web browsing
• Unit 8. Social engineering
• Unit 9. Security in social networks
• Unit 10. Remote working
• Unit 11. Security on mobile devices
• Unit 12. Security incidents
• Unit 13. Cryptographic practices
• Unit 14. SCADA
• Unit 15. Clickjacking
• Unit 16. Data loss
• Unit 17. Identity theft
• Unit 18. PC protection
• Unit 19. Email security
GENERAL INFORMATION
Basic-level course
Mode: On-site and/or online training.
Duration: 3 hours in on-site mode / 1 month accessible in online mode.
The modules that make up the course are independent of each other, and can be divided into groups of 5, 10 or 19 units. The introductory module is included in all groups.
EUROPEAN DATA PROTECTION REGULATION
Fundamentals of personal data protection.
AGENDA
• Regulatory Framework and Existing Legislation
• Basic concepts of data protection
• Main novelties of the GDPR
• Personal data and legitimacy for processing
• Information, Consent and Transparency
• Data subjects' rights
• Sensitive personal data and profiling
• Responsibilities: Data Controller and Data Processor
• International Transfers
• Data protection officer. Obligations
• Register of Processing Activities
• Security Measures in Processing
• Notification of security breaches
• Risk Management and Data Protection Impact Assessment
• Management Systems and GDPR
GENERAL INFORMATION
Basic-level course.
Mode: On-site and online training.
Duration: 1 day (4 hours) on-site mode | 2 weeks online mode
PCI DSS FUNDAMENTALS
SUMMARY
Learn in detail about the contents and implications of the PCI DSS card payment security standard. This 1-day course will allow you to learn in some detail about all the requirements established in the standard to guarantee the security of card payments.
AGENDA
• Introduction: general concepts
• Identification of other payment card industry standards related to PCI DSS
• Identification of PCI DSS scope and mitigation strategies
• Compliance reporting criteria
• Detail of PCI DSS requirements
GENERAL INFORMATION
Basic-level course
Mode: On-site and online training.
Duration On-site mode: 1 day (4 hours)
Duration Online mode: 2 months accessible on the platform
Course taught by a PCI QSA expert, certified by the payment brands for the development of PCI certification audits.
NATIONAL SECURITY SCHEME
SUMMARY
1 day (4 hours) course during which participants acquire basic knowledge and skills on the principles and minimum requirements of Security Policy in e-Government services, with emphasis on those measures linked to public administration workplaces.
AGENDA
GENERAL INFORMATION
Basic-level course
Mode: On-site training
Duration: 1 day (4 hours)
BUSINESS CONTINUITY. FUNDAMENTALS
Learn about the problems, concepts and fundamental principles, as well as the legal and regulatory framework applicable to each area of cybersecurity knowledge.
SUMMARY
• The main concepts of business continuity.
• The process and its main contingency management activities from the time of the incident, through contingency recovery to the return to business as usual.
• The Business Continuity Plan documents.
• The approach to the implementation of a Business Continuity Management System in accordance with ISO 22301.
AGENDA
• Business continuity risks and impacts
• Concepts and definitions
• Contingency process (incident management and recovery management)
• Approach to the implementation of a business continuity management system
GENERAL INFORMATION
Basic-level course
Mode: On-site and online training
Duration: 1 day (4 hours) on-site mode/ 1 week online mode
SECURITY GOVERNANCE
SUMMARY
Learn how to define Strategic Cybersecurity Plans, the steps for implementing and certifying an Information Security Management System (ISMS), or the international reference standards for Security Governance such as ISO 27000, ITIL, COBIT, etc.
AGENDA
Module 01
Module 02
Module 03
GENERAL INFORMATION
Advanced-level course
Mode: On-site and online training
Duration: 3 days (15 hours) in on-site mode / 2 months in online mode
PCI-DSS COURSE FOR ADMINISTRATORS
SUMMARY
In this 3-day course, participants will acquire knowledge about all the security requirements and implications related to the PCI DSS standard developed by payment card brands for the processing, storage, or transmission of card data within information systems. The course is aimed at merchants, providers, or processors of payment card data, IT or Compliance Managers, Heads of Payment Departments in banks, and providers of IT services, hosting, web, etc.
AGENDA
GENERAL INFORMATION
Advanced-level course
Mode: On-site training
Duration: 3 days x 5h/day
Course taught by a PCI QSA expert, certified by payment card brands for the development of PCI certification audits.
ISO/IEC 27001 LEAD AUDITOR
SUMMARY
A 5-day intensive course that enables participants to develop the necessary competencies to audit an Information Security Management System according to ISO 27001 and to lead a team of auditors by applying the most recognised auditing principles, procedures and techniques.
AGENDA
• Introduction to Information Security Management System (ISMS) concepts according to ISO 27001.
• Planning and initiating an ISO 27001 audit.
• Conduct a Social Responsibility audit based on ISO 27001.
• Complete the ISO 27001 audit and establish follow-up activities.
• ANSI accredited certification exam.
GENERAL INFORMATION
Expert-level course
Mode: On-site training or webinar
Duration: 5 days, 7 hours per day. Last day of the exam.
The Certified ISO 27001 Lead Auditor exam lasts 3 hours and is available in several languages, including English, Spanish and Portuguese.
BSI FUNDAMENTALS ISO 27001
AGENDA
Learn the purpose, control objectives and implications of the international standard for Information Security Management (ISO 27001:2013).
• Information Security Management (ISM)
• Background of ISO/IEC 27001 and ISO/IEC 27002
• Clause 4: Organisational context.
• Clause 5: Leadership
• Clause 6: Planning
• Clause 7: Support
• Clause 8: Operation
• Clause 9: Performance evaluation.
• Clause 10: Improvement
• Reflection and feedback
GENERAL INFORMATION
Basic-level course
Mode: On-site training
Duration: 1 day
Upon successful completion of this course, you will receive an internationally recognised BSI certificate.
BSI ISO 27001 IMPLEMENTATION
SUMMARY
The objective of this course is to provide attendees with the necessary skills to implement an ISMS in accordance with the requirements of ISO 17799 and also meet the requirements of ISO/IEC 27001:2013 certification.
AGENDA
DAY 01
• Rationale for an ISMS and important considerations
• What is implementation?
• What is the implementation process and process model?
• Senior management interview
• Project scoping and planning
• Cost estimation
• Steps in a project process
• Developing a typical timeline for an implementation plan
• Process-based approach
• Plan-Do-Check-Act and ISMS
• ISO /IEC 27001 structure, history, terms and definitions
• High-level structure
• Management representative criteria
• Day 01 Review
DAY 02
• Gap analysis - step 01 / GAP analysis
• What are the gaps?
• Clause 4: Organisational context
• Stakeholders and information assets
• Gap analysis - stage 2 asset register and asset classification
• Clause 5: Top management
• Information security policy
• Clause 6: Planning
• Risk assessment
• Risks - threats and vulnerabilities
• Risk assessment tool - FMEA
• Risk assessment and risk likelihood of risk
• Day 02 review
GENERAL INFORMATION
Advanced-level course
Mode: On-site training
Duration: 2 days
Upon successful completion of this course, you will receive an internationally recognised BSI certificate.
BSI ISO 27001 LEAD AUDITOR
SUMMARY
five-day intensive course that prepares attendees for the ISO 27001:2013 qualification process and teaches them how to conduct audits for certification bodies.
GENERAL INFORMATION
Expert-level course
Mode: On-site training
Duration: 5 days full time
PRICE
On-site mode: €1590/student
BSI ISO 20000 FUNDAMENTALS
Learn about ISO/IEC 20000 parts 1 and 2 of the certification process and how to interpret and apply the key concepts and principles of the standard to existing processes within your organisation.
AGENDA
• Introduction to service management and ISO/IEC 20000-1.
• ISO/IEC 20000 series and related standards
• Structure of ISO/IEC 20000-1.
• Clause 4: Organisational context.
• Clause 5: Leadership
• Clause 6: Planning
• Clause 7: SMS Support.
• Clause 8: SMS operation.
• Clause 9: Performance evaluation.
• Clause 10: Improvement
• Benefits of ISO/IEC 20000-1 certification
• Reflection and feedback
GENERAL INFORMATION
Basic-level course
Mode: On-site training
Duration: 1 day
Upon successful completion of your course, you will receive an internationally recognised BSI certificate.
BSI ISO 20000 IMPLEMENTATION
SUMMARY
In this course you will discover how to implement an SGS based on ISO/IEC 20000-1: 2018.
AGENDA
DAY 01
• The service management system - refreshing your knowledge
• Planning the implementation of ISO/IEC 20000-1
• Starting the implementation process
• Documented information including gap analysis
• Organisational context (clause 4)
• Baseline gap analysis
• Project plan
• Leadership (clause 5)
• Planning (Clause 6)
• SMS Support (Clause 7)
• Organisations and roles in ISO/IEC 20000-1
DAY 02
• System operation (clause 8 and 8.1)
• Service portfolio (clause 8.2)
• Relationships and agreements (clause 8,.3)
• Supply and demand (Clause 8.4)
• Service design, construction and transition (clause 8.5)
• Resolution and performance (clause 8.6)
• Service assurance (clause 8.7)
• Performance evaluation and improvement (clauses 9 and 10)
• ISO/IEC 20000 series
• Other sources of information
• Audits and certification
• Reflection and feedback
GENERAL INFORMATION
Expert-level course
Mode: On-site training
Duration: 2 days
Upon successful completion of your course, you will receive an internationally recognised BSI certificate.
ISO/IEC 20000-1:2018 IMPLEMENTATION COURSE
SUMMARY
ISO/IEC 20000-1:2018 is a best practice framework for a service management system. It enables you to embed a service lifecycle strategy into your organisation, providing best practice guidance on how to manage your service portfolio so that it remains current and delivers value.
AGENDA
• Introduction
• General requirements of an SMS
• Service design and transition
• Service provision
• Relationship processes
• Resolution processes
• Control processes
GENERAL INFORMATION
Advanced-level course
Mode: On-site training
Duration: 3 days
ISO/IEC 20000 1:2018 LEAD AUDITOR COURSE
SUMMARY
This course will help you identify the purpose and benefits of a Service Management System, to plan, conduct, report and follow up an audit in accordance with ISO/IEC 20000-1, to explain and understand the role of an auditor in conducting an audit and to lead a team of auditors as Lead Auditor.
AGENDA
• Day 1 - General principles of an SMS
• Day 2 - Audit programmes and audit planning
• Day 3 - Execution of audits
• Day 4 - Closing and follow-up of audits
• Day 5 - Review
GENERAL INFORMATION
Expert-level course
Mode: On-site training
Duration: 5 days
ISO/IEC 27001 IMPLEMENTATION COURSE
Implementing an Information Security Management System according to the ISO/IEC 27001 standard will enable you establish and assess your information security objectives and needs, identify and assess the company's information assets, identify and assess the risks to these assets and their impact, define appropriate policies and procedures and put them into practice and carry out the implementation of the Information Security Management System.
AGENDA
• Introduction and basic concepts
• Context of an Information Security Management System (ISMS)
• ISMS Leadership
• ISMS planning
• ISMS Support
• ISMS Operation
• ISMS Evaluation
• ISMS Improvement
GENERAL INFORMATION
Advanced-level course
Mode: On-site training
Duration: 2 days
IMPLEMENTATION COURSE ISO 22301
SUMMARY
Implementing a Business Continuity Management System (BCMS) according to the ISO 22301 standard will allow you to meet organizational resilience expectations. Through this course, you will learn to conduct a review of your organization's current position and implement key principles of the ISO 22301 standard. Designed for professionals aiming to implement, maintain, and/or improve a business continuity management system.
• Introduction and basic concepts
• Context of a Business Continuity Management System (BCMS)
• Leadership of the BCMS
• Planning the BCMS
• Support for the BCMS
• Operation of the BCMS
• Evaluation of the BCMS
• Improvement of the BCMS
GENERAL INFORMATION
Advanced-level course
Mode: On-site training
Duration: 2 days
COURSE ON ISO/IEC 27001 LEAD AUDITOR
Designed for professionals aiming to lead audit teams, pursue a career in conducting audits (internal, external, certification), or acquire the necessary knowledge to pass an audit.
This course will help you solidify your knowledge of information security, implement audit processes based on ISO 27001, have confidence in your ability to assess potential security threats, manage risks, reduce your organization's risk through an ISMS process, and gain the necessary skills to lead and manage an ISO 27001 audit team.
AGENDA
• Day 1 – Overview of the audit process
• Day 2 – Auditing an ISMS and the initial phase of the audit
• Day 3 – Auditing the core of the ISMS
• Day 4 – Non-conformities, continuous improvement, and monitoring
• Day 5 – Examination
GENERAL INFORMATION
Expert-level course
Mode: On-site training
Duration: 5 days
ISO 22301 LEAD AUDITOR COURSE
Designed for professionals aspiring to lead audit teams, pursue a career in conducting audits (internal, external, certification), or acquire the necessary knowledge to pass an audit.
Through this course, you will be able to verify if the business continuity management system complies with the requirements of the ISO 22301 standard. It provides the knowledge needed to plan, conduct, report, and follow up on an audit in accordance with ISO 22301 and ISO 19011 standards.
AGENDA
• Day 1 – Overview of the audit process
• Day 2 – Auditing the ISO 22301 standard
• Day 3 – Audit development
• Day 4 – Non-conformities, continuous improvement, and monitoring
• Day 5 – Examination
GENERAL INFORMATION
Expert-level course
Mode: On-site training
Duration: 5 days
We take pride in offering a diverse range of cybersecurity courses tailored to meet your learning preferences. Regardless of your courses delivery choice, our commitment is to deliver cutting-edge training to empower you to excel in the field of cybersecurity
Our offerings span to accommodate all learning preferences, whether you prefer:
an in-person approach or a collective approach, with sessions that can be arranged directly in your offices, in our Thales Cyber Labs, or within the Thales Academies, ensuring personalized and high-quality learning or if you opt for maximum flexibility with our online courses.
For those seeking hands-on experience, our online courses are connected to our cyber range, providing a real-world simulation to enhance your skills.
Highlights the benefits of deploying a SIEM within your IT infrastructure. Explore the functionalities offered by SIEM systems to facilitate the management of security related events.
Improve the Ethical Hacking techniques in order to assess the impacts and to ensure a better protection on systems against cyber criminality.
Improve your knowledge in the field of cyber governance and compliance with cyber standards and regulations.
Our turnkey platform integrates custom content developed through diverse cyber labs worldwide, introducing OT and physical equipment into scenarios while providing virtualized experiences.
With a focus on replicating your infrastructure in a secure environment, we offer a rich portfolio of advanced exercises and courses, ensuring your team is well equipped to face evolving cyber threats.
This open and scalable solution is your partner in building cybersecurity resilience, boosting confidence in your products, and preparing your organization to tackle any cyber challenge.
Our cyber attacks and simulation scenarios are covering several critical domains: Aeronautics, OT, Industry, Space, Defence, Naval, Automotive, Banking, etc.
In the ever-evolving landscape of cybersecurity, cyber exercises stand out as an essential pedagogical method, grounded in immersive simulations and practical exercises. Customized for various technical domains such as avionics, ground transportation, defense, etc., this program offers a targeted learning experience.
With an extensive catalog of scenarios, flexibility to meet advanced needs, and a daily link to threat intelligence services, these exercises stay constantly updated. Beyond enhancing cybersecurity skills, the support extends to the co-creation of personalized cyber labs or academies.
The global reach and collaboration within a community enrich the experience, while long-term partnerships with major actors ensure credibility and relevance, thereby reinforcing the effectiveness of cyber exercises.
What sets us apart is our commitment to building and enhancing your cyber workforce. Our academies worldwide are your gateway to excellence and a recognized reference center, offering certified learning paths and full-fledged curricula. Whether you’re aiming to become a CISO, a forensic expert, a SOC analyst, or any other specialized role, we have tailored training modules that suit your aspirations.
But we don’t stop at theory; we emphasize hands-on experience. Our international cybersecurity exercises and immersive training programs encompass activities like forensic investigations, red team-blue team challenges, capture the flag competitions, and a wide array of cybersecurity experiments. Upon completion, our participants receive accreditation as cybersecurity experts and gain the skills to evaluate and test cybersecurity products effectively.
Thales Cyber Academies are your partners in shaping the next generation of cybersecurity professionals.
“The Academy will offer specialised skills and expertise to deal with any cyber-attack or piracy”
“The main element of the training is the Cybels Range simulation platform, which creates realistic scenarios and topologies to test and improve participants’ knowledge”
The Cyber Node’s main goals:
•Empowering specialized cyber competencies and incubating technological indications to support the digital economy of the UAE and beyond. Proposing theorical trainings as well as practical ones, capitalising on a Cyber Range platform
•268 individual trainees
•744 training hours conducted
•Certified CISO Executive Program
In the dynamic realm of cybersecurity, Cyber Labs emerge as dedicated spaces designed to fortify defense strategies and enhance the capabilities of individuals and organizations.
Thales Cyber Labs represent an exceptional environment for the development of human and technical skills aimed at effectively defending systems and organizations against cyber attacks.
The activities of our Cyber Labs cover various domains, including military cybersecurity (Ministry Of Defence) Cyber Security), industrial control system cybersecurity (ICS), and cybersecurity trainings.
A distinctive feature of these labs is their flexibility in accommodating diverse needs, with training content accessible remotely and crafted with expert support. Specifically tailored to address the intricacies of both IT infrastructure and Operational Technology (OT) industrial environments, the Cyber Labs provide a versatile and adaptive solution for cybersecurity research, development, and training initiatives.
We are dedicated to educating experts capable of preventing and countering cyber threats. Our programs include tailored training to address specific needs.
We analyze and understand the resilience of systems when confronted with cyberattacks. This expertise is crucial for strengthening infrastructure security.
We push the boundaries of cybersecurity by exploring the unknown and proposing innovative approaches to protect systems and data.
A partnership with the Welsh Government and the University of South Wales, UK
Providing an on-site expertise accessed by enterprises as General Electric to evaluate, develop and test digital concepts in a safe and secure environment. Educating communities, small businesses and national enterprises on the importance of cybersecurity. Supporting the development of a national cyber strategy
NDEC, hosted at the Cyber Centre at Fredericton’s Knowledge Park in Canada to strengthen cybersecurity capabilities in industrial systems.
•Research and development facilities that enable small- and medium-sized enterprises (SMEs) to test and develop digital transformation projects.
•The project will include the National Digital Excellence Centre Canada (NDEC Canada), as well as Thales’ Cyber Security Operations Centre (CSOC) for North America.
•A hub of digital excellence, development and education, connecting New Brunswick to technology centres everywhere.
In the heart of the ecosystem of institutions located in Belgium, the Tubize Cyberlab is meeting the growing need of businesses, operators of essential services and public institutions that face the rise in cyberthreats.
With this new Cyberlab, Thales can reproduce the information networks as well as operational technologies of an organisation, thanks to a dedicated platform, to test its resistance to the latest forms of cyberattacks.
•Validation of the level of security of the system;
•Training of cybersecurity specialists in a real environment;
•Support for businesses in developing products incorporating cybersecurity in their design.
They are engineers from our Competence Areas: auditors, consultants, integrators, cryptography specialists and analysts, who actively participate in the day-to-day projects. This allows our courses to be highly practical and constantly evolving to meet the needs of the vast and ever-changing world of cybersecurity.
“ I’d like to congratulate you on this course, which is the best I’ve taken in over 20 years at Thales. It provides a very comprehensive overview of the different Cyber topics, and I also really appreciated the presence of speakers who brought their technical expertise to the table, as well as the use of Cyber-Range virtualization.”
Lucas P., Student
“ Thanks for everything! It was really great to have you as a trainer. Your patience, your listening skills, your pedagogy. You were really there to share knowledge and not to cut down slides: this will remain an excellent memory. The way the course was organized, alternating theory, demos, testimonials, contributions from outsiders and listening to students' concerns, was a recipe for success that suited me perfectly.”
Amy L, Student
Organizing a Joint Exercise under the direction of the cyber defence operational chain and taking place on 11 military sites in 8 regions:
Simulating Navy networks
Specific cyber crisis scenario
CSIRT/First Incident Response training sessions
